DOCSLIB.ORG

Practical Pitfalls for Security in OPC UA

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Practical Pitfalls for Security in OPC UA Practical Pitfalls for Security in OPC UA Alessandro Erba∗y, Anne Muller¨ ∗y, Nils Ole Tippenhauer∗ ∗CISPA Helmholtz Center for Information Security, ySaarbrucken¨ Graduate School of Computer Science, Saarland University [alessandro.erba, anne.mueller, tippenhauer]@cispa.de Abstract—In 2006, the OPC Foundation released the first (i.e. client impersonation), and iii) Middleperson attacks. For specification for OPC Unified Architecture protocol, one of example, an attacker can feed wrong information to clients the industrial protocols that promises security features such (Rogue Server attack), eavesdrop, and change values which as authentication, authorization, integrity, and confidentiality. Challenges in the practical adoption of those security features can directly alter the physical process (Rogue Client attack), by product vendors, libraries implementing the standard, and or both (Middleperson attack). In 2017, the German Federal end-users were not investigated so far. Office for Information Security (BSI) released the ‘OPC UA In this work, we systematically investigate practical challenges Security Analysis’ [2], reporting that ‘No systematic errors to configure OPC UA securely. In particular, we review 48 could be detected’ in the OPC UA standard. In addition, the artifacts consisting of products and libraries for OPC UA and show that 38 out of the 48 artifacts have one (or more) security BSI recommended using only ‘Sign’ or ‘SignAndEncrypt’ as issue. In particular, we show that 7 OPC UA artifacts do security mode, with ‘Basic256Sha256’ as security policy, and not support the security features of the protocol at all. In configure a user authentication mechanism. addition, 31 artifacts that partially feature OPC UA security rely Nevertheless, there seem to be significant challenges to set on incomplete libraries and come with misleading instructions. up secure OPC UA deployments in practice. In [3], Dahlmanns Consequently, relying on those products and libraries will result in vulnerable implementations of OPC UA security features. We et al. perform a scan for OPC UA servers reachable over design, implement and demonstrate attacks in which the attacker the Internet and find that 92% of the reachable deployments can steal credentials exchanged between victims, eavesdrop on show issues with security configuration. Among those, 44% process information, manipulate the physical process through of the servers are accessible without any authentication re- sensor values and actuator commands, and prevent the detection quirements. To mitigate that issue, the authors suggest (similar of anomalies in the physical process. to [2]) to disable insecure security modes and policies and enforce user authentication. Their findings demonstrate that I. INTRODUCTION such suggestions are still not applied in a significant number Interconnection of industrial components carries security of deployments. The authors believe that this is due to the concerns that need to be addressed at different levels to configuration complexity of the OPC UA security features. allow secure industrial plants. One among the others is the In this work, we systematically investigate practical chal- security of the communication protocol adopted for Machine lenges to configure OPC UA in a secure way and prevent to Machine (M2M) communication. In 2006, the OPC Foun- the three attacks outlined above. In particular, we show that dation released the first specification for the OPC Unified many OPC UA products have missing support for security Architecture (OPC UA) protocol [1], an industrial protocol that features of the protocol. In addition, products that claim to promises security features such as authentication, authoriza- feature OPC UA security rely on libraries that are incomplete, tion, integrity, and confidentiality. OPC UA is a client/server difficult to use and provide instructions that lead to insecure architecture, e.g., in an ICS the OPC UA server is running on settings. Lastly, we also show that several popular OPC a Programmable Logic Controller (PLC) to publish industrial UA libraries provide vulnerable implementations of OPC UA arXiv:2104.06051v1 [cs.CR] 13 Apr 2021 process sensor readings and control its state. Those values can security features. be read and modified by an OPC UA client running on other To assess the vulnerability of available libraries, we cre- industrial devices or end-user systems. ate a framework that implements the three proposed attacks Although OPC UA provides features to ensure security (i.e. Rogue Server, Rogue Client, Middleperson). For each and confidentiality properties, they do not work out of the library, we set up a client and/or server application using box. OPC UA requires a correct configuration to guaran- protocol options that can be expected to provide a secured tee secure communication. For example, OPC UA specifies OPC UA instance, and then attack that system. For cases where a number of alternative securityModes (i.e., configurations the attacks succeed, we further investigate the cause for the for application authentication and encryption ranging from vulnerability. In particular, we show that Middleperson attacks ‘None’ to ‘SignAndEncrypt’), securityPolicies (i.e., algorithms are possible if vulnerable servers and clients are present in used for asymmetric encryption ranging from ‘None’ to the same network, and such attacks allow to manipulate the ‘Basic256Sha256’) and UserIdentityToken (i.e., configurations process and prevent reliable control of the system. Surpris- for user authentication). The main attacks to mitigate are i) ingly, we find that even recovery of plaintext credentials from Rogue Server (i.e. server impersonation), ii) Rogue Client intercepted encrypted communications is easily possible with our Rogue Server and Middleperson attacks. This finding is in contrast to prior work [4], where the authors perform a Middleperson attack on OPC UA applications and conclude that it is impossible to recover user passwords in OPC UA systems (even with security mode ‘None’). Contributions. We summarize our contributions as follows • We systematically analyze proprietary products and iden- tify reoccurring issues with the availability, and setup instructions for OPC UA security features • We systematically analyze available libraries and identify reoccurring issues with the implementation of security features • We demonstrate the feasibility of the identified attacks by implementing all three attacks with a proof-of-concept application (we plan to release a proof of concept of our framework as open-source) The remainder of this work is organized as follows. In II we (a) (b) present the details of the OPC UA protocol. In III we present Fig. 1. Figure (a) gives an overview over the connection establishment the system and attacker model, as well as the approach we use procedure between client and server. The server provides a list of endpoints, to conduct our research. In IV we explain how we build the where each endpoint consist of a Security Mode, a Security Policy and a User Identity Token. The client selects which endpoint it wants to connect to. If framework that we use to analyze the available libraries. In the mode Sign or SignAndEncrypt is chosen the server and client each have V we report the results of our research. A discussion of our to send their public certificate along with the endpoint to establish the secure findings is presented in VI, followed by conclusions in VIII. channel. Figure (b) shows the options available for the endpoint configuration. The Security Mode, Security Policy and User Identity Token can be chosen independently from each other. II. BACKGROUND In this section, we present the background related to the OPC UA protocol and its security features. OPC UA features None, Basic128Rsa15 (Deprecated), Basic256 (Deprecated), several options to change the level of security achieved for a Aes128-Sha256-RsaOaep, Basic256Sha256, Aes256-Sha256- connection. RsaPss. Finally, the UserIdentityToken defines the supported user authentication methods for an endpoint: Anonymous (no A. OPC Unified Architecture user authentication), Username&Password, Certificate [5]. OPC UA [1] is an industrial communication protocol devel- When initiating a connection, the client can choose the end- oped by the OPC foundation. The protocol allows platform- point to connect to (from an unauthenticated list of endpoints independent and secure communication by design. The first provided by the server). version of OPC UA Unified Architecture was released in 2006, followed by four other releases up to the current specification B. Certificate Management in OPC UA 1.04 released in 2018. Eighteen parts constitute the protocol In order to establish a secure connection (Security Mode specification, each describing a feature of the protocol. Part 2 different from ‘None’), OPC UA applications (Clients and describes the security model of OPC UA, and Part 4 describes Servers) need to perform application authentication by ex- the services that implement security primitives. changing their Application Instance Certificates. Upon re- The standard details two communication strategies: a client- ceiving a certificate, an application needs to decide whether server model and a publisher-subscriber model. Both models the received application certificate is trustworthy and the allow messages to be signed to ensure authenticity or signed connection can be established or not. To this end, each OPC and encrypted to add confidentiality. OPC UA does not enforce UA application
Load more

Recommended publications
  • Accessing PI System Using OPC Unified Architecture
    Accessing PI System using OPC Unified Architecture Alisher Maksumov OPC Development Group Lead OSIsoft, Inc. Agenda • What is OPC Unified Architecture? • OPC UA Web Services • Information Modeling • Client and Sever Communication • Exposing PI System • Server and Client Demo • OPC UA Roadmap • Summary What is OPC Unified Architecture? • Next generation of OPC technology – Platform independent • Designed with SOA principles – Extensible, discoverable – Well defined message syntax • Mapped into Web Services – WSDL, XML schema, SOAP – Message exchange over HTTP/HTTPS • Supports enhanced security – Certificates, Encryption, Signature • Adopts Information Modeling concepts – Browsable and discoverable Address Space model – Objects, Nodes, Types, Data Variables, Properties OPC UA Specification • Part 1 – Concepts • Part 2 – Security • Part 3 – Address Space Generic Parts • Part 4 – Services • Part 5 – Information Model • Part 6 – Mappings Mapping to Web Services • Part 7 – Profiles Supported features • Part 8 – Data Access • Part 9 – Alarms and Conditions Parts specific to classic • Part 10 – Programs OPC mapping • Part 11 – Historical Access • Part 12 – Discovery OPC Server discovery • Part 13 – Aggregates OPC UA Web Services • Defined in OPC UA Spec (Parts 4, 6) and OPC UA WSDL • Can be group into service sets: – Discovery Service Set • FindServers, GetEndpoints, RegisterServer – Secure Channel Service Set • OpenSecureChannel, CloseSecureChannel – Session Service Set • Create, Activate, Close Session – Node Management Service Set • Add and
    [Show full text]
  • OPC UA Server App OPC UA Server for Ctrlx CORE
    Application Manual OPC UA Server App OPC UA Server for ctrlX CORE R911403778, Edition 03 Copyright © Bosch Rexroth AG 2021 All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights. Liability The specified data is intended for product description purposes only and shall not be deemed to be a guaranteed characteristic unless expressly stipulated in the contract. All rights are reserved with respect to the content of this documentation and the availability of the product. DOK-XCORE*-OPCUA*SERV*-AP03-EN-P DC-IA/EPI5 (TaDo/MePe) f5f200cddfc773880a347e883d356b4f, 3, en_US OPC UA Server App 3 / 31 Table of contents 1 About this documentation 4 2 Important directions on use 5 2.1 Intended use. 5 2.1.1 Introduction. 5 2.1.2 Areas of use and application . 5 2.2 Unintended use. 6 3 Safety instructions 7 4 Introduction into the OPC Unified Architecture 9 4.1 General information. 9 4.2 Overview on specifications . 9 4.3 Information model . 10 4.4 Service-oriented architecture . 10 5 Rexroth ctrlX OPC UA Server 17 5.1 The ctrlX OPC UA Server in the ctrlX AUTOMATION . 17 5.2 Installation on ctrlX CORE. 17 5.3 Properties. 19 5.4 Configuration . 19 5.4.1 Certificate configuration . 20 6 Related documentation 23 6.1 Overview. 23 6.2 ctrlX AUTOMATION. 23 6.3 ctrlX WORKS. 23 6.4 ctrlX CORE. 24 6.5 ctrlX CORE Apps. 24 7 Service and support 27 8 Index 29 R911403778, Edition 03 Bosch Rexroth AG 4 / 31 OPC UA Server App 1 About this documentation Editions of this documentation Edition Release Notes date 01 2020-06 First edition 02 2021-01 Revision ctrlX CORE version UAS-V-0106 03 2021-04 Revision ctrlX CORE version UAS-V-0108 Bosch Rexroth AG R911403778, Edition 03 OPC UA Server App 5 / 31 Intended use 2 Important directions on use 2.1 Intended use 2.1.1 Introduction Rexroth products are developed and manufactured to the state-of-the-art.
    [Show full text]
  • Comtrol IO-Link to OPC UA
    FOR IMMEDIATE RELEASE CONTACT: Jordan DeGidio Marketing Specialist +1 763.957.6000 [email protected] Comtrol Implements OPC-UA connectivity with MultiLink™ on IO-Link Master family MINNEAPOLIS, Minnesota – April 21, 2017 — Comtrol Corporation, a manufacturer of industrial device connectivity products and the official North American IO-Link Competency Center, today announced the availability of OPC-UA support with its MultiLink™ technology on its IO-Link Master family of products. OPC Unified Architecture (OPC-UA) is a machine to machine communication protocol developed for industrial automation. OPC-UA allows customers to communicate with industrial equipment and systems for data connection and control, freely use an open standard, cross-platform, implement service-oriented architecture (SOA) software and utilize robust security. Comtrol’s MultiLink™ technology allows IO-Link Masters to simultaneously provide sensors Process data to PLC platforms, while also sending the sensors ISDU Service and Process data via Modbus TCP or OPC-UA upstream to IIoT/Industry 4.0 Cloud solutions or factory SCADA systems. Comtrol’s IO-Link Masters are available in three industrial Ethernet protocols: EtherNet/IP, Modbus TCP and PROFINET IO, which are all capable of running OPC UA with MultiLink™. “The OPC Foundation is very excited about the great work that Comtrol Corporation has been doing with the OPC UA technology. Their company specializes in quality networking and industrial data communication products, with the addition OPC UA to their portfolio of IO-Link Masters, factory automation users will have a seamless connection from IO-Link sensors and actuators to SCADA/HMI and cloud systems. This will add significant capability allowing seamless interoperability across the multitude of industrial networks and industrial devices says Thomas J Burke, OPC Foundation President & Executive Director.
    [Show full text]
  • Data Exchange in Distributed Mining Systems by OPC Unified Architec- Ture, WLAN and TTE VLF Technology
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Technische Universität Bergakademie Freiberg: Qucosa REAL TIME MINING - Conference on Innovation on Raw Material Extraction Amsterdam 2017 Data exchange in distributed mining systems by OPC Unified Architec- ture, WLAN and TTE VLF technology. David Horner1, Friedemann Grafe2, Tobias Krichler1, Helmut Mischo1, Thomas Wilsnack2) 1 TU Bergakademie Freiberg 2 IBeWa Consulting ABSTRACT Mining operations rely on effective extraction policies, which base on concerted manage- ment and technical arrangements. In addition to commodities, mining of data is the in- creasingly matter of subject in mining engineering. The Horizon 2020 project – Real-Time- Mining supports the ongoing paradigm shift of pushing mining activities from discontinuous to continuous operation. In this respect, the partners TU Bergakademie Freiberg (TU BAF) and IBeWa Consulting tackle the issue of physical and logical data acquisition in under- ground mining. The first aspect of the project addresses the ‘logical’ provision of data. Mining technology is increasingly interacting among each other and integrated into globally distributed sys- tems. At the same time, the integration of current mining devices and machineries into su- perordinated systems is still complex and costly. This means only a few number of mining operators is capable to integrate their operation technology into a Supervisory Control and Data Acquisition (SCADA) system. TU BAF presents the middleware OPC Unified Archi- tecture, which is a platform independent middleware for data exchange and technology interconnection among distributed systems. By installing a SCADA demonstrator at the research and education mine Reiche Zeche, TU BAF intends to present the technical fea- sibility of a SCADA system basing on OPC UA even for SME mining operations.
    [Show full text]
  • Combining Automationml and OPC UA
    Combining AutomationML and OPC UA Dr.-Ing. Miriam Schleipen © Fraunhofer IOSB 1 Agenda • Motivation • Plug-and-work principles • Goals • Mapping of AutomationML and OPC UA • Access to the AutomationML model in OPC UA • Examples • Conclusion and Outlook © Fraunhofer IOSB 2 Motivation - Changes • Continuous changes of production systems reconfiguration of hardware and software components • Objects to change within a manufacturing enterprise • Products • Technological or logistical processes • Parts of the manufacturing facilities • Software systems • Company’s organization • interoperability and seamless semantic integration necessary © Fraunhofer IOSB 3 Initial situation - ‚Babylon‘ on the shopfloor Visualization / SCADA Production Monitoring & Control ? ? ? ? Ωασχηµοδυ Τροχκενµοδυλ Abc_23-xy_Vors. Τεµπερατυρ Bbc_24-xy_T ist Γεσχηωινδιγκειτ Image sources: MOC Danner, KUKA, MAG, Schunk © Fraunhofer IOSB 4 Plug-and-work • Term definition: • setting up, modification or termination of interoperation between two or more involved parties with minimal effort • Note 1: The interoperability of those involved is assumed. • Note 2: The minimum effort can vary depending on the state of the art. • Note 3: Plug & play and plug & produce are synonyms or similar terms. Source: I4.0 Glossary of the VDI GMA technical committee 7.21 »Industrie 4.0« © Fraunhofer IOSB 5 Unique Datamodels (yesterday-Level 1, today-Level 2, tomorrow-Industrie 4.0) Visualisation/ Evaluation New Application Control Function Knowhow/Meaning Semantic Models („Industry
    [Show full text]
  • Integration of OPC Unified Architecture with Iiot Communication Protocols in an Arrowhead Translator
    Integration of OPC Unified Architecture with IIoT Communication Protocols in an Arrowhead Translator Jesper Rönnholm Engineering Physics and Electrical Engineering, master's level 2018 Luleå University of Technology Department of Computer Science, Electrical and Space Engineering Integration of OPC Unified Architecture with IIoT Communication Protocols in an Arrowhead Translator Jesper R¨onnholm Master's thesis Dept. of Computer Science, Electrical and Space Engineering Lule˚aUniversity of Technology Supervisors: Jerker Delsing, Hasan Derhamy 2018 Abstract This thesis details the design of a protocol translator between the industrial-automation protocol OPC UA, and HTTP. The design is based on the architecture of the protocol trans- lator of the Arrowhead framework, and is interoperable with all of its associated protocols. The design requirements are defined to comply with a service-oriented architecture (SOA) and RESTful interaction through HTTP, with minimal requirement of the consuming client to be familiar with OPC UA semantics. Effort is put into making translation as transparent as possible, but limits the scope of this work to exclude a complete semantic translation. The solution presented in this thesis satisfies structural- and foundational interoperability, and bridges interaction to be independent of OPC UA services. The resulting translator is capable of accessing the content of any OPC UA server with simple HTTP-requests, where addressing is oriented around OPC UA nodes. Preface I was first introduced to the opportunity of doing this project as part of master's thesis in 2015 by Prof. Jerker Delsing. He was the coordinator of the Arrowhead Project, which at the time was the largest industrial automation project in Europe, with 78 partners and a budget of 68 million euro.
    [Show full text]
  • OPC Unified Architecture Interoperability for Industrie 4.0 and the Internet of Things
    1 OPC Unified Architecture Interoperability for Industrie 4.0 and the Internet of Things IoT Industrie 4.0 M2M 2 Welcome to the OPC Foundation! As the international standard for vertical and horizontal communication, OPC-UA provides semantic interoper- ability for the smart world of connect- ed systems. Thomas J. Burke President und Executive Director OPC Foundation OPC Unified Architecture (OPC-UA) is the data ex- OPC-UA is an IEC standard and therefore ideally change standard for safe, reliable, manufacturer- suited for cooperation with other organizations. and platform-independent industrial communication. As a global non-profit organization, the OPC Foun- It enables data exchange between products from dation coordinates the further development of the different manufacturers and across operating sys- OPC standard in collaboration with users, manufac- tems. The OPC-UA standard is based on specifica- turers and researchers. Activities include: tions that were developed in close cooperation be- tween manufacturers, users, research institutes and ➞ Development and maintenance of specifications consortia, in order to enable safe information ex- ➞ Certification and compliance tests of change in heterogeneous systems. implementations ➞ Cooperation with other standards organizations OPC has been very popular in the industry and also becoming more popular in other markets like the This brochure provides an overview of IoT, M2M Internet of Things (IoT). With the introduction of Ser- (Machine to Machine) and Industrie 4.0 requirements vice-Oriented-Architecture (SOA) in industrial auto- and illustrates solutions, technical details and imple- mation systems in 2007, OPC-UA started to offer a mentations based on OPC-UA. scalable, platform-independent solution which com- The broad approval among representatives from re- bines the benefits of web services and integrated search, industry and associations indicates OPC-UA security with a consistent data model.
    [Show full text]
  • OPC Unified Architecture for Mtconnectr
    OPC Unified Architecture for MTConnect R Companion Specification Release Candidate 2.0RC8 February 19, 2019 MTConnect R is a registered trademark of AMT - The Association for Manufacturing Technology. Use of MTConnect R is limited to use as specified on http://www.mtconnect.org/. February 19, 2019 Specification Type: Industry Standard Specification Comments: Title: OPC Unified Architecture for MT- Date: February 19, 2019 Connect Version: 2.0RC8 Software: LaTeX Authors: William Sobel, Randy Armstrong, Source: OPC_UA_MTConnect_2.0RC8.pdf John Turner, Russell Waddell, Shaurabh Singh Owner: MTConnect Institute Status: Release Candidate Document History Version Date Reason Comments Mantis 2.00 RC8 2019-02-18 Revision Added list of tables 4631 2.00 RC8 2019-02-18 Revision Added table for reset triggers and suggested status codes 4630 2.00 RC8 2019-02-18 Revision Removed data rate issue from page 77 4629 2.00 RC7 2019-02-12 Revision 2.0 RC6: 8.4.6.2 MTConnect Condition Branching Example – 4608 Need to improve documentation of condition branching 2.00 RC7 2019-02-12 Revision Document 2.0 RC 6: 8.4.7 Messages – need to improve message 4607 handling 2.00 RC7 2019-02-12 Node Ids List of NodeIds as CSV 4612 2.00 RC7 2019-02-12 Revision A chapter for Profiles and Namespaces needs to be added 4611 2.00.06 2019-01-22 Revision Added missing class types and made MTMessageType a Variable instead of an Event 2.00.05 2018-12-09 Revision Fixed Composition 2.00.04 2018-11-30 Initial Initial Release Candidate MTConnect R OPC UA Companion Specification - Release Candidate 2.0RC8 i Contents 1 Scope1 2 OPC Unified Architecture for MTConnect Companion Specification Goals2 3 Who Will Find Benefit from this Companion Specification?3 4 Normative References3 4.1 OPC UA References............................
    [Show full text]
  • Process Automation Device Information Model (PA-DIM™)
    Process Automation Device Information Model Technical White Paper Process Automation Device Information Model Executive Summary Today’s process automation field devices communicate with host systems over either analog 4-20mA connections, sometimes with embedded digital HART data; or via 2-wire digital fieldbus connections conforming generally to the FOUNDATION Fieldbus (FF) or PROFIBUS PA standards as well as wireless protocols like Wireless HART or ISA 100. Initiatives all over the world such as Industrie 4.0 (I 4.0), Industrial Internet of Things (IIoT), Open Process Automation Forum (OPAF) and the NAMUR Open Architecture (NOA) are working on concepts for digital transformation. The enormous installed base in the process industries requires a digital transformation solution which can make use of information from devices communicating via current field communication solutions. Each of these existing communication protocols employs different software structures, or information model, to represent the same information. To ensure interoperability and seamless access to device information it is necessary to standardize on the form and basic contents of the information models for certain device classes independent of a specific communication protocol. Thus enabling seamless instrumentation information flow throughout the enterprise. FieldComm Group (FCG), OPC Foundation (OPCF) and PROFIBUS/PROFINET International (PI) have taken the initiative to jointly standardize and specify the information model for Process Automation Devices - PA-DIM.
    [Show full text]
  • Iotworx™ ICONICS Iot Gateway Technology
    IoTWorX™ ICONICS IoT Gateway Technology March 2017 An ICONICS Whitepaper www.iconics.com CONTENTS About This Document ..................................................................................................................................................................................... 2 Overview and Market Needs ........................................................................................................................................................................ 3 Connecting the Internet of Things ........................................................................................................................................................ 3 What is an IoT Gateway? ........................................................................................................................................................................... 4 Who Needs a Gateway, Anyway? .......................................................................................................................................................... 4 IoT Gateway Security and Device Management .............................................................................................................................. 4 Target Markets .............................................................................................................................................................................................. 5 Introduction to ICONICS IoTWorX ............................................................................................................................................................
    [Show full text]
  • Profinet Communication Card for the Cern Cryogenics Crate Electronics Instrumentation R.K
    16th Int. Conf. on Accelerator and Large Experimental Control Systems ICALEPCS2017, Barcelona, Spain JACoW Publishing ISBN: 978-3-95450-193-9 doi:10.18429/JACoW-ICALEPCS2017-MOCPL03 PROFINET COMMUNICATION CARD FOR THE CERN CRYOGENICS CRATE ELECTRONICS INSTRUMENTATION R.K. Mastyna, J. Casas-Cubillos, E. Blanco Vinuela, N. Trikoupis, CERN, Geneva, Switzerland M. Felser, Bern University of Applied Sciences, BFH, Switzerland Abstract In order to simplicity the architecture the whole func- tionality of the FEC was moved to the crate which is now The ITER-CERN collaboration agreement initiated the smart device able to calculate, transform the raw input data development of a PROFINET® communication interface, and communicate directly with the PLC (see the Figure 2). which may replace the WorldFIP interface in non-radiation Due to the fact that the WorldFIP protocol is not recom- areas. The main advantage of PROFINET® mended for new installations the Ethernet based is a simplified integration within the CERN controls infra- PROFINET® protocol is used. The communication be- structure that is based on industrial Programmable Logic tween CIET SCADA and CRATE runs through OPC Controllers (PLCs). UA™, as this protocol is going to be available CERN prepared the requirements and subcontracted the in the netX51 chip. OPC UA™ also allows direct connec- design of a communication card prototype to the Bern Uni- tion between the CRATE and cloud data analysis module. versity of Applied Sciences (BFH). The designed PROFINET® card prototype uses the netX Integrated Cir- cuit (IC)© for PROFINET® communication and a FPGA to collect the electrical signals from the back-panel (elec- trical signals interface for instrumentation conditioning cards).
    [Show full text]
  • OPC Unified Architecture – Advantages And
    V1.1 GB OPC FOUNDATION – www.OPCfOUndAtiOn.Org Open OPC Unified Architecture – – > 450 members – Platform-neutral Advantages and possibilities of use – All areas of application for manufacturers and users of – All connections automation, IT or MES products Productivity – Industry standard OPC UA – Manufacturer-independent – Interoperability ➞ OPC Unified Architecture is the on which they are used. OPC UA – Reliability new technology generation of the supplements the existing OPC OPC Foundation for the secure, industry standard by important Standardised reliable and vendor-neutral trans- characteristics such as platform communication Collaboration port of raw data and pre-pro- independence, scalability, high via internet and – Device Integration cessed information from the man- availability and Internet capability. via firewalls – IEC 61131-3 / PLCopen – Analyzer Device Integration ufacturing level into the production OPC UA is no longer based on – ISA-95, ISA-88 planning or ERP system. With DCOM, but has been conceived ➞ OPC UA uses an – MTConnect optimized TCP-based UA OPC UA, all desired information is on the basis of a service-oriented – Smard Grid binary protocol for data ex- available to every authorised appli- architecture (SOA). OPC UA can – Field Device Integration change; Web Services and cation and every authorised per- therefore be ported very easily. – EDDL and FDT HTTP are additionally sup- son at any time and in any place. Today, OPC UA already forms ported. It is sufficient to This function is independent of the the bridge between the Enterprise open up just a single port in AddrESS: manufacturer from which the ap- level down to embedded automa- a firewall. Integrated secu- plications originate, the program- tion components – independent of rity mechanisms ensure se- OPC Foundation ming language in which they were Microsoft-, UNIX- or other operat- cure communication via the 16101 N.
    [Show full text]